I have just finished attending GMU 2013 Computer Crime and Digital Training put on by the Regional Computer Forensic Group (RCFG) in Fairfax, VA, USA from August 5 - 9.
Disclaimer: I was a paid attendee, was not a presenter and am in no way affiliated with the RCFG or GMU. I did not know any of the presenters before the conference and I am writing of my personal experiences and opinions which belong to me alone. If I err in any way, I accept full responsibility, and please feel free to correct me.
The cost for the entire conference was less than $200 for pre-registration and $250 for late registration. For that fee you could enrol in 3-4 labs and attend as many lectures as you wished. The entire schedule is available here: Guidebook Conference Schedule or as an Android or Apple app.
Presenters were volunteers, and the university provided the space. The vendors sponsored the event and further defrayed the costs. A ton of swag and prizes were given out at the booths and by draws at lunch or at the BBQ. I was fortunate enough to win a Tableau bridge and a SUMURI USB. The organizers also provided a mechanism for interested people to meet in the evenings to do a DC tour, a Nationals baseball game and a pub crawl.
Overall, the conference was excellent, with a wide range of American and International attendees. I was impressed by the knowledge of the presenters and the attendees. There were some sessions cancelled at the last minute (which would seem unavoidable), but I was able to grab another session on short notice in all cases. I liked the method of making any open seats at labs available to the participants.
In this day of government (my employer) restrictions on travel and training budgets, I chose to self-fund this training. I believe that my investment was a worthy one, and given my review of the number of classes and labs that I did not attend, but wanted to, I suspect I will be attending next year as well. I recommend this conference for anyone in Digital Forensics, both in the hands-on and in the management sides.
Given their generosity, it seems right to list the sponsors below (and my apologies if I miss anyone):
Access Data
BlackBag Technologies
Digital Intelligence
Fernico
Forensic Computers
Katana Forensics
Cellebrite
Guidance Software
High Tech Crime Institute Group
Micro Systemation
Nuix
SUMURI
Tableau
Alvarez & Marsal Holdings, LLC
Backbone Security / Steganography Analysis and Research Center
Belkasoft
Dell
George Washington University
H-11 Digital Forensics
(ISC)2
Oxygen Forensics Suite
Paraben
Susteen
InfoSec Mash
The sessions that I attended, along with my comments:
Keynote Addresses:
Timothy Leschke spoke about data visualization and his doctoral work. His presentation was very interesting, and offered a glimpse into the future given the increasing amount of data for analysis.
Abigail Abraham spoke - excellently - without slides (or a microphone) and gave us a peek behind the curtain about the release of information from an ISP and the legal challenges at their end.
Stega-What? A Beginner's Guide to Digital Steganography
Chad Davis - Backbone Security
Chad provided an interesting introduction to steganography, and a quick look at some of the tools that are available to detect it.
Social Media Digital Forensics
Brian Lockrey
Brian gave a broad overview of techniques for social media data collection. In my opinion, this was less about forensics and more about intelligence gathering.
Cellebrite - Malware in SmartPhone Investigations
John "Zeke" Thackray - H-11 Digital Forensics
Zeke was one of the conference's most dynamic presenters and gave an excellent overview of malware on mobile devices. This presentation was not vendor-specific, despite the title.
Even Geeks Can Speak
Steve Beltz
Steve spoke about presentation techniques to avoid "Death by PowerPoint" and how not to over-use bullet points and text. Steve was the single best presenter of the conference in my opinion, and I would recommend that anyone who presents or teaches treat this course as mandatory.
Mac OS Forensics - LAB
Ryan Kubasiak - BlackBag Technologies
Ryan, owner of AppleExaminer.com, gave an inspiring presentation about the Mac OS and demonstrated BlackBag's tools. It was nice to have the hands-on with the computer in the lab, but I would not hesitate to simply observe this presentation if computers were not available.
NCMEC - National Center for Missing and Exploited Children
Erin Cunningham
Erin's presentation provided an overview of the terrific work being done at NCMEC, and was useful even for an International participant such as me. Her passion for the work was clear and hopefully NCMEC's resources will continue to be increasingly utilized.
Structured/Unstructured Data
Steve Beltz
Steve gave another superb presentation, this time about the Federal Recovery Operation Center's reactive and proactive work with big data in investigations and investigative support roles.
FBI Mobile Forensic Lab Tour
The FBI was kind enough to allow a walk through of their very impressive mobile lab. (I want one!)
Windows Artifacts in Metadata and the Windows Registry
Jon Hansen - H-11 Digital Forensics
Jon took the class on a tour from the dawn of DOS to the current flavours of Windows and the evolution of the Windows Registry. He did an excellent job and provided something for all levels of experience and background.
Computer Forensic Administration
Tobin Craig
The speaker was unavailable, so Tobin was kind enough to spontaneously lead a round-table discussion on some of the issues that lab managers are facing in today's environment. The discussion was very enlightening and participation was very good amongst the group. I think that this topic definitely has merit for inclusion in future conferences.
N-Gram Program
Paul Herrmann
I arrived in Paul's class after a cancellation of another session, but it was very worthy of the time. Paul spoke about the research and development of N-Gram techniques as they pertain to authorship analysis in email cases.
In-Depth Steganography Examination, Detection and Hidden Information Extraction - LAB
Chad Davis - Backbone Security
Chad ran a very interesting lab about Steganography in general and allowed the participants to use some of the stego tools to gain an understanding of how they work. He then demonstrated the Steganography Analysis and Research Center (SARC)'s tools. Chad did a great job of presenting in 4 hours what could easily be a 4-day course.
EnCase Advanced 401 - LAB
Kim Thompson
Matt Anderson - H-11 Digital Forensics
Matt presented on EnCase analysis of Linux OS. He was both engaging and knowledgeable.
Kim presented on Linux itself and worked through command line instructions. He, too, did a great job, especially in demonstrating the power and the possibilities inherent in Linux.
↧
